pypi

4,979 tracked vulnerabilities.

CVE-2026-44304 HIGH
Lemur: LDAP Filter Injection enables post-authentication privilege escalation
May 12, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-43948 CRITICAL
wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
May 12, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-42545 MEDIUM
Granian: DoS via WSGI response header panic
May 12, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-42544 HIGH
Granian: Unauthenticated DoS via WebSocket subprotocol header panic
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42196 CRITICAL
django-s3file: Relative path traversal
May 12, 2026
EPSS 0.01
CVE-2026-44223 MEDIUM
vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44222 MEDIUM
vLLM: Remote DoS via Special-Token Placeholders
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44220 LOW
ciguard: discover_pipeline_files follows symlinks out of scan root
May 12, 2026
CVSS 3.2
EPSS 0.00
CVE-2026-44219 LOW
ciguard: SCA HTTP client reads response body without size cap
May 12, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-44218 LOW
ciguard: Container image runs as root (no USER directive)
May 12, 2026
CVSS 3.0
EPSS 0.00
CVE-2026-43891 HIGH
changedetection.io: Arbitrary Local File Read via crafted backup restore
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42303 MEDIUM
Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
May 12, 2026
EPSS 0.00
CVE-2026-42175 MEDIUM
requests-hardened: Server-Side Request Forgery (SSRF) in requests-hardened RFC 6598
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42048 CRITICAL
Langflow: Path Traversal in Langflow Knowledge Bases API
May 12, 2026
CVSS 9.6
EPSS 0.04
CVE-2026-41895 HIGH
changedetection.io: XXE vulnerability in the changedetection.io project
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31245 MEDIUM
mem0 1.0.0 - Unauthenticated Arbitrary Memory Record Creation via Memory Creation API Endpoint
May 12, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-31241 MEDIUM
mem0 1.0.0 - Unauthenticated Memory Deletion via DELETE /memories Endpoint
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31240 HIGH
mem0 1.0.0 - Unauthenticated Memory Record Manipulation via Memory Management API
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31239 CRITICAL
mamba < 2.2.6 - Remote Code Execution via Insecure Model Deserialization
May 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-31238 CRITICAL
Ludwig Framework <=0.10.4 - Deserialization
May 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-31237 CRITICAL
Ludwig Framework <=0.10.4 - Deserialization
May 12, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-31236 CRITICAL
llm CLI < 0.27.1 - Remote Code Execution via --functions Argument
May 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-31235 CRITICAL
imgaug <= 0.4.0 - Remote Code Execution via Insecure Pickle Deserialization in BackgroundAugmenter
May 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-31234 CRITICAL
Horovod <= 0.28.1 - Unauthenticated Remote Code Execution via Insecure KVStore Deserialization
May 12, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-31233 CRITICAL
Guardrails AI Hub <0.6.7 - Code Injection
May 12, 2026
CVSS 9.8
EPSS 0.01